A significant data leak from Star Health Insurance was reported in August 2024, affecting approximately 3.1 crore customer records. The data, including mobile numbers, PAN details, addresses, and medical information, was allegedly accessible through a website created by a hacker.
Star Health Insurance had said it did not find any evidence of wrongdoing by the company’s chief information security officer in a data leak incident.
Hyderabad: Insurance regulator IRDAI, in its first-ever penalty on any insurer for violating cyber regulations, on Friday imposed a stiff fine of Rs 3.39 crore on Chennai-based Star Health.
“The IRDAI, in exercise of power under Section 14(1) of IRDAI Act 1999 and Section 102 of the Insurance Act 1938, has imposed a penalty of Rs 3.39 lakhs and issued warning for various violations established under IRDAI’s Information & Cyber Security Guidelines, 2023,” said IRDAI in a press release on Friday.
The insurer’s stolen customer data, including medical reports, was publicly accessible via chatbots on the messaging app Telegram and through websites.
The hacker, known as xenZen, also claimed to have sent death threats and bullets to company executives.
However, Star Health Insurance, after reporting alleged unauthorized data access to local authorities, had said it did not find any evidence of wrongdoing by the company’s chief information security officer in a data leak incident.
It had also approached the court to sue Telegram and the hacker to get the content removed from online platforms.
Afterwards, the websites on which the hacker publicly exposed the data, as well as Telegram chatbots deployed by the hacker, were taken down.
The company said that the alleged communication between the hacker and the security officer was fabricated by the hacker.
Insurance companies hesitate during payment for hospitalisation to their insured clients.
Now this penalty definitely is a curse of people who are denied proper settlement.
Anyways, it is a good lesson taught.
Rightly Said. Also, Star Health has a record of rejecting genuine medical claims.
Very bogus company.
They harass clients
& linger genuine claims.
Claim settlement service is very poor
IRDAI requires a strong medico legal experienced person.
Many grey spots in health insurance corporate claims
Thousands of crores of rupees are wasted. I am ready to give my services in the interest of nation and needy.
Yes. Star Health Insurance is rejecting claims. I myself experienced it recently. Genuine claim for podiatric surgery for my husband. They are interested in only collecting premium. They are very arrogant. They don’t bother about anything. Real robbery.
The leak of data of crores of customers like me is not just a technical mistake, but the result of serious negligence of the company. If such sensitive information (PAN, medical records, addresses) comes into the hands of a hacker, it is difficult to prevent its misuse. IRDAI’s fine is necessary, but Star Health must go beyond just complying with its legal obligations and publicly explain why it allowed security to fail and what concrete steps it has taken so far to make its systems secure. Until customer confidence is restored, it is natural for questions to be raised on the company.
Yes, it is true.